From d38fe0e5cab4a7efaba8a79a22a85b0e67817441 Mon Sep 17 00:00:00 2001 From: "terry%mozilla.org" <> Date: Wed, 8 Mar 2000 02:22:41 +0000 Subject: Patch by Brian Duggan -- security improvements. --- showattachment.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'showattachment.cgi') diff --git a/showattachment.cgi b/showattachment.cgi index d5dcfb8df..4a1864b3b 100755 --- a/showattachment.cgi +++ b/showattachment.cgi @@ -29,7 +29,7 @@ ConnectToDatabase(); my @row; if (defined $::FORM{'attach_id'}) { - SendSQL("select mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}"); + SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'}); @row = FetchSQLData(); } if (!@row) { -- cgit v1.2.3-65-gdbad